74cms Remote Code Execution Vulnerability
- Vulnerability Type :
Remote Code Execution - Vulnerability Version :
74CMS < 6.0.48 - Recurring environment:
Windows 10
PHP 5.4.5
Apache 2.4.23 - Vulnerability analysis
Vulnerability file:in /Application/Common/Controller/BaseController.class.php used assign_resume_tpl method.

in /ThinkPHP/Library/Think/View.class.php

To view a profile: /ThinkPHP/Conf/convention.php

follow-up file: /ThinkPHP/Library/Think/Hook.class.php

Hook configuration file: /ThinkPHP/Mode/common.php

It depends on the implementation of run method,in /ThinkPHP/Library/Behavior/ParseTemplateBehavior.class.php

in /ThinkPHP/Library/Think/Template.class.php

Enter compiler method,in /ThinkPHP/Library/Think/Template.class.php

Returns the loadtemplate method

in /ThinkPHP/Library/Think/Storage/Driver/File.class.php

After the resume is updated, upload photos:

After uploading the image horse, the image address will be generated:

Copy the path and call assign through the a method_ resume_ TPL function, and then submit the path through post:




